The first step is to create a security group or groups.
For this demonstration I am creating one security group and provisioning one Domain Controller and one member server, which I am joining to the domain example.local.
You could create more than one security group, but you would then need to create routes between them.
To create a security group, open the EC2 Dashboard, click Security Groups, and then click Create Security Group.
Give the security group a meaningful name and an optional description. Then click Add Rule.
The first rule should allow RDP from your own IP address or subnet, as the case may be; it is best not to allow everybody RDP access.
Then click Create.
If you have a dynamically assigned IP address you can still do this; just remember to change the security group rule to My IP whenever you need to.
Instances that are in the same security group have full access to each other, so there should be no need to create any more rules unless you have a specific need.
So now we need two instances. I am going to use spot instances as they are much cheaper. You should use whatever instance is right for you.
To request a spot instance, go to Spot Requests and select Request Spot Instances.
Select the image you want; in this case I am selecting 2012 R2 Base.
Choose an instance type that suits you and click Next.
Enter a bid equal to or greater than the current price (in this case 2 cents an hour) and click Next.
I am leaving storage at the default and clicking Next.
Add an appropriate tag, or don't.
It is important to select the correct security group because you cannot change it after the instance is built (you can change the rules but not the security group). If you miss this step you might as well start again.
Check your settings and click Launch.
Select a pem file and click Request Spot Instance.
Repeat this process to build the member server. Make sure you select the same security group.
Wait a while until these requests are fulfilled.
Click on Instances, and when 2/2 status checks are complete you can get the password and log on to the servers.
Click on your instance and click Connect.
Then click Get Password.
Click Choose Path, navigate to where your pem file is and click OK.
Then click Decrypt Password.
At this point I like to copy the Public DNS name, username and password to Notepad so that I can quickly copy and paste from there.
Public DNS ec2-54-89-145-221.compute-1.amazonaws.com
User name Administrator
Do the same for the other server and log on with RDP using the credentials provided.
After the domain controller is online, log on to it and make a note of its private IP address.
Log on to the member server.
It is a good idea to rename it something logical. The fastest way to do that is the PowerShell command:
Rename-Computer MS01 -Restart
From the Member Server test connectivity to the DC.
In this case it did not work until I created a rule in the security group.
With EC2 Classic you don't really have any control over which private IP address you are given, so to cover the entire 10.X.X.X range I used 10.0.0.0/8 as my custom IP subnet.
As I don't care what traffic travels between my two servers, I have chosen 10.anything for all TCP, UDP and ICMP.
Now I can ping the DC by IP address but not by FQDN:
PS C:\Users\Administrator> ping dc01
Ping request could not find host dc01. Please check the name and try again.
PS C:\Users\Administrator> ping dc01.example.local
Ping request could not find host dc01.example.local. Please check the name and try again.
To fix this you need to adjust the DNS settings on the network adapter.
It is tempting to just assign a static IP address. DO NOT DO THAT: you will lose your connection and you will have to terminate your instance and start again.
What to do here is run ipconfig /all to find the currently assigned DNS server, and make a note of the IP address of your domain controller.
Click the Use the following DNS server addresses radio button; for the preferred DNS server use your DC, and as the alternate use Amazon's DNS server.
Now you should be able to ping using the DNS name.
Now you are ready to join the domain.
PS C:\Users\Administrator> Add-Computer -DomainName example.local
cmdlet Add-Computer at command pipeline position 1
Supply values for the following parameters:
WARNING: The changes will take effect after you restart the computer MS01.
PS C:\Users\Administrator> Restart-Computer
And now the server has joined the domain.
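The DNS change, connectivity check and domain join from the steps above, done from PowerShell on the member server instead of the adapter GUI. This is an added example, not code from the original post; it assumes the DC's private IP (10.0.0.10 is a placeholder), an adapter named Ethernet, and the dc01 hostname used in the ping tests above.

```powershell
# Added example (not from the original post). Placeholders: the DC private IP and
# adapter alias; change them to match what ipconfig /all shows on your instance.
$DcIp       = '10.0.0.10'       # placeholder: private IP of the domain controller
$Adapter    = 'Ethernet'        # placeholder: adapter alias from Get-NetAdapter
$DomainName = 'example.local'
$DcFqdn     = "dc01.$DomainName"

# Record the Amazon-assigned DNS server before overriding it; it stays as the alternate.
$amazonDns = (Get-DnsClientServerAddress -InterfaceAlias $Adapter -AddressFamily IPv4).ServerAddresses[0]

# Change only the DNS servers. Never set a static IP on an EC2 Classic instance,
# or the session drops and the instance has to be terminated.
Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $DcIp, $amazonDns

# Confirm the DC now resolves by FQDN (this is what failed in the ping test above).
Resolve-DnsName $DcFqdn -ErrorAction Stop | Out-Null

# Confirm the security group rule actually lets the ports a domain join needs through:
# Kerberos (88), LDAP (389) and SMB (445). Stop early with a clear message if one is blocked.
foreach ($port in 88, 389, 445) {
    $result = Test-NetConnection -ComputerName $DcFqdn -Port $port -WarningAction SilentlyContinue
    if (-not $result.TcpTestSucceeded) {
        throw "TCP $port to $DcFqdn is blocked; check the security group rule between the instances."
    }
}

# Join the domain with an explicit credential rather than the interactive prompt,
# and restart so the change takes effect (same as Add-Computer followed by Restart-Computer).
$cred = Get-Credential -Message "Account allowed to join computers to $DomainName"
Add-Computer -DomainName $DomainName -Credential $cred -Restart
```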
If you prefer to use the GUI you can do it this way.